fix: package.JSON split name/group with unorthodox names (#600)

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+* Fix: 
+  * `Builders.FromNodePackageJson.ComponentBuilder` no longer omits name parts after the second slash ([#599] via [#600])
+
+[#599]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/599
+[#600]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/600
+
 ## 1.13.1 - 2023-03-28
 
 * Docs

src/_helpers/packageJson.ts

@@ -20,11 +20,17 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 /**
  * Split name and group from a package's name.
  * Returns a tuple: [name, ?group]
+ *
+ * Based on [PackageJson spec](https://nodejs.org/api/packages.html#name) there are no restrictions on it.
+ * Having multiple slashes(`/`) is basically no issue.
  */
 export function splitNameGroup (data: string): [string, string?] {
-  return data[0] === '@'
-    ? data.split('/', 2).reverse() as [string, string?]
-    : [data]
+  const delimGroup = data[0] === '@'
+    ? data.indexOf('/', 2)
+    : 0
+  return delimGroup > 0
+    ? [data.slice(delimGroup + 1), data.slice(0, delimGroup)]
+    : [data, undefined]
 }
 
 /**

tests/integration/Builders.FromNodePackageJson.ComponentBuilder.test.js

@@ -79,6 +79,21 @@ suite('Builders.FromNodePackageJson.ComponentBuilder', () => {
           version: `1.33.7-alpha.23.${salt}`
         }
       )
+    ],
+    [
+      // Even though https://npmjs.org does not allow it,
+      // there is nothing wrong with a package name that contains more than one slash(/).
+      // It is completely compliant to NodeJS rules and will be properly resolved.
+      'name with slashes',
+      { name: '@foo/bar/baz' },
+      new Models.Component(
+        Enums.ComponentType.Library,
+        'bar/baz',
+        {
+          group: '@foo',
+          externalReferences: new Models.ExternalReferenceRepository([`FAKE REFERENCES ${salt}`])
+        }
+      )
     ]
   ].forEach(([purpose, data, expected]) => {
     test(`makeComponent: ${purpose}`, () => {